A unique cryptographic key stored securely in the server is used to verify the authenticity of a chip (i.e., to determine whether a chip is real or fake). Specifically, during chip authentication the server uses the serial ID number of the chip to pull up the specific, unique key associated with that chip. The server then sends a randomly generated challenge question (e.g., some code) to the chip which the chip then encrypts and sends back to the server. The chip typically uses a universal encryption algorithm coupled with its unique key. The server then verifies the ID of the chip by decrypting the output from the chip using the key the server has associated with that chip ID. The server compares the decrypted challenge question with the original challenge question sent to the chip. Only if the two match can the chip be authenticated.
Protecting the key is one area of vulnerability in typical systems. For instance, as encryption/decryption is usually done by the application-specific integrated circuit (ASIC), cryptographic keys (unencrypted) often appear in data random access memory (RAM), registers and cache memory. All of these storage elements have transistors switching whenever a value of data is changed. Switching of transistors causes information leakage through various channels including power supply line and electromagnetic emission. Current consumption analysis can be accessed through direct probing of the circuit power line, which requires reverse-engineering of the chip.
It is also possible to direct access word line (WL)/bit line (BL) of cryptographic key arrays in the chip to steal the key by reverse-engineering. Once the key is stolen, hackers can duplicate unlimited number of chips and the chip authentication is compromised.
Furthermore, cryptographic keys based on charge-storing memories are usually vulnerable to Differential Power Analysis (DPA). For example, the current consumption difference before and after baking the chip at a high temperature (which shifts charge stored) can be easily used to estimate “1” and “0” in the key. Therefore, it is highly desirable to generate the random key using non charge-storing based technology.
Accordingly, techniques for cryptographic key generation and protection which are more robust against reverse-engineering and other procedures used to impermissibly obtain the key would be desirable.